package com.hhu.wangzb.server.controller;

import com.alibaba.fastjson.JSON;
import com.auth0.jwt.JWTCreator;
import com.hhu.wangzb.common.entity.UserEntity;
import com.hhu.wangzb.common.entity.UserPermissionEntity;
import com.hhu.wangzb.common.security.AuthenticationInfo;
import com.hhu.wangzb.common.security.constant.SecurityConstants;
import com.hhu.wangzb.common.utils.QueryMap;
import com.hhu.wangzb.common.utils.R;
import com.hhu.wangzb.server.service.AuthenticateService;
import com.hhu.wangzb.server.service.UserPermissionService;
import com.hhu.wangzb.shiro.filter.JwtFilter;
import com.hhu.wangzb.shiro.jwt.payload.ClaimsLoader;
import com.hhu.wangzb.shiro.jwt.util.JwtUtils;
import com.hhu.wangzb.shiro.util.AuthenticationUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import java.util.ArrayList;
import java.util.List;

@RestController
public class AuthenticateController {

    @Autowired
    AuthenticateService authenticateService;

    @Autowired
    UserPermissionService userPermissionService;

    @PostMapping("/authenticate")
    public R authenticate(String username, String password) {

        // 认证
        UserEntity user = authenticateService.authenticate(username, password);

        QueryMap map = new QueryMap();
        map.put("u_id", user.getId());
        // 获取用户权限
        List<UserPermissionEntity> userPermissionEntities = userPermissionService.queryListByParamsMap(map);
        List<String> permissions = new ArrayList<>();
        for (UserPermissionEntity entity : userPermissionEntities) {
            permissions.add(entity.getPermission());
        }

        // 生成jwt token
        String token = JwtUtils.generateToken(new ClaimsLoader() {
            @Override
            public void load(JWTCreator.Builder builder) {
                // 后面携带token访问 后端可获取的键值
                builder.withClaim(SecurityConstants.S_SESSION_USER_ROLE, user.getRole());
                builder.withClaim(SecurityConstants.S_SESSION_USER_ID, user.getId());
                builder.withArrayClaim(SecurityConstants.S_SESSION_USER_PERMISSIONS, permissions.toArray(new String[0]));
            }
        });

        // 登陆状态存储
//        AuthenticationUtils.setAuthenticationInfo(new AuthenticationInfo(user.getId(), user.getRole(), permissions));

        // 返回
        R response = R.ok();
        response.put("token", token);
        response.put("role", user.getRole());
        response.put("username", user.getUsername());
        response.put("name", user.getRealName());
        response.put("permissions", permissions);

        return response;
    }

    @PostMapping("/logout")
    public R logout() {
//        AuthenticationUtils.invalidate();

        return R.ok("退出登录成功！");
    }

    @RequestMapping("/forbidden")
    public R forbidden() {

        return R.error("权限不足！");
    }

}
